Related Links

Related Stories

Top 5 Stories


Trend Micro security expert warns on hidden javascript tweets

17 June 2010

Rik Ferguson, senior security advisor with Trend Micro, has uncovered a potentially serious security attack on users of the Twitter microblogging service.

The attack centres on a tweet-based link that routes to an obfuscated Javascript routine and which delivers a variety of malicious payloads via the users' web browser.

The attack vector is essentially a rework of the popular phishing emails seen on regular email services for the last couple of years, Infosecurity notes, but this is one of the first times a Javascript vector has been used with Twitter.

In his Countermeasures security blog posting, Ferguson said that Trend's research team has seen both malicious PDF documents and executable files from this attack scenario.

"These Trojans attempt to connect to additional locations to download further malware. TrendLabs are currently investigating the situation", he said.

According to Ferguson, this latest Twitter malspam attack follows hot on the heels of the Gaza and FIFA spam run of earlier in June. "Be careful where you click and make sure your security software is blocking those evil links", he said.

Trend Micros's warning has been picked up by fellow IT security researcher Chris Boyd over at Sunbelt Software, who noted that "there appears to be a bit of a mad dash to infect people by the boatload on Twitter, with a variety of different messages being sent to random targets."

One of the PDF exploits, says Boyd, has turned out to be exploit.PDF-JS.Gen (a well-known virus, Infosecurity notes).

"This isn't the first malicious spamrun on Twitter, and it certainly won't be the last. With that in mind, it might be best to avoid random links sent to you from strangers. You never quite know what's at the other end", he said.


This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×